Description:
A vulnerability was reported in Crystal Reports. A remote user can cause denial of service conditions.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a buffer overflow in the 'EnterpriseControls.dll' and cause the target application to crash.

The CLSID of the vulnerable control is: 3D58C9F3-7CA5-4C44-9D62-C5B63E059050

The original advisory and demonstration exploit are available at:

http://milw0rm.com/exploits/4931

shinnai reported this vulnerability.

[Editor's note: The report indicates that a modified version of the safe-for-scripting ActiveX control can cause code execution and that the unmodified version will cause denial of service conditions.]

Impact:
A remote user can create HTML that, when loaded by the target user, will cause the target user's browser to crash.
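
To check whether Internet Explorer is already blocked from loading the control identified by the CLSID above, a defender can look for the kill bit on that CLSID. The PowerShell below is an added example, not part of the original advisory or of any vendor fix. It assumes the standard Internet Explorer "ActiveX Compatibility" registry location and the 0x400 kill-bit flag, and a 64-bit, elevated session when run with -Apply.

```powershell
param([switch]$Apply)   # report only by default; -Apply writes the kill bit

$Clsid   = '{3D58C9F3-7CA5-4C44-9D62-C5B63E059050}'   # CLSID from the advisory
$KillBit = 0x400                                      # kill-bit flag in "Compatibility Flags"
$Name    = 'Compatibility Flags'

# Native view plus the 32-bit view that 32-bit IE reads on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path -LiteralPath (Split-Path $_ -Parent) }

function Get-Flags([string]$Key) {
    # Returns the current DWORD, or $null when the key or value is absent.
    if (-not (Test-Path -LiteralPath $Key)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

foreach ($root in $Roots) {
    $key   = Join-Path $root $Clsid
    $flags = Get-Flags $key

    if ($Apply -and (($null -eq $flags) -or (($flags -band $KillBit) -eq 0))) {
        # Preserve any flags already present and OR in the kill bit.
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
        $new = [int]$flags -bor $KillBit
        New-ItemProperty -LiteralPath $key -Name $Name -PropertyType DWord -Value $new -Force | Out-Null
        $flags = Get-Flags $key
    }

    # One row per registry view: current flags and whether the kill bit is set.
    [pscustomobject]@{
        Key    = $key
        Flags  = if ($null -eq $flags) { '(not set)' } else { '0x{0:X}' -f $flags }
        Killed = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)
    }
}
```

The kill bit only stops Internet Explorer from instantiating the control; it does not repair 'EnterpriseControls.dll' itself.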